[Inactive] Search Engine Redirect
-
re: [Inactive] Search Engine Redirect
I'm waiting for my friend's comment.
-
Deleted Win32KDiag.exe from Desktop. Downloaded (from a different link) and ran (after restarting the computer) Win32KDiag.exe. Logfile looked similar except for different time references. Logfile follows.
----------------------------------------------------------------------------------------------------------
Running from: C:\Users\admin\Desktop\Win32kDiag.exe
Log file at : C:\Users\admin\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-11-05 23:39:24 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2009-11-05 23:38:40 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2009-11-05 23:39:07 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2009-11-05 23:39:07 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
Finished!
-------------------------------------------------------------------------------------------------------
-
OK. Just hold on there....
-
We're not sure what's happening with that log.
Whatever happened to the ESET log?
-
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and Run exeHelper.
* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
-
Ran Rkill.exe and then exeHelper.com. Both seemed to run with no problem. The exeHelper logfile follows.
exeHelper by Raktor
Build 20091021
Run at 17:14:21 on 11/06/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
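The exeHelper log above only says that it reset the .exe/.com associations, the Winlogon Userinit and Shell values, and some policies; it does not show what they were before or after. The following PowerShell is an added example (not from the thread, not part of exeHelper or Rkill) that reads those same locations back so the before/after state can be compared. The "expected" defaults are assumptions for a stock Vista/Windows 7 install; run it from an elevated prompt.

```powershell
# Added example, not from the original thread: read back the values exeHelper
# reports resetting so they can be checked before and after the tool runs.
# Expected defaults below are assumptions based on a stock Vista/Win7 install.

$expected = @{
    'Winlogon\Userinit' = 'C:\Windows\system32\userinit.exe,'
    'Winlogon\Shell'    = 'explorer.exe'
    'exefile command'   = '"%1" %*'
    'comfile command'   = '"%1" %*'
}

function Get-DefaultValue($path) {
    # '(default)' is how PowerShell exposes a key's unnamed REG_SZ value
    $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' } else { '<missing>' }
}

$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$actual = @{
    'Winlogon\Userinit' = $winlogon.Userinit
    'Winlogon\Shell'    = $winlogon.Shell
    'exefile command'   = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    'comfile command'   = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command'
}

# Anything marked CHANGED is either malware hijacking the launch path or a
# leftover from a partial cleanup; a hijacked exefile command is the usual
# reason Rkill/RootRepeal/ComboFix "won't run".
foreach ($k in $expected.Keys) {
    $status = if ($actual[$k] -eq $expected[$k]) { 'OK     ' } else { 'CHANGED' }
    '{0} {1,-18} = {2}' -f $status, $k, $actual[$k]
}

# Per-user overrides take precedence over HKCR and are a common way to
# hijack .exe without touching HKLM; none of these keys exist by default.
foreach ($p in 'HKCU:\Software\Classes\.exe',
               'HKCU:\Software\Classes\exefile\shell\open\command',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice') {
    if (Test-Path $p) { "WARNING: per-user override present: $p" }
}

# Policies that block the cleanup tools themselves; a value of 1 means disabled.
$sys = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$exp = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    if ($sys.$name -eq 1) { "POLICY: $name is set" }
}
if ($exp.NoRun -eq 1) { 'POLICY: NoRun is set' }
```

Run it once before exeHelper and once after; if a line still reads CHANGED afterwards, or a per-user override reappears after a reboot, something is still active on the machine and re-writing the values.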
-
Delete your copy of RootRepeal, download a fresh one and see if it'll run.
-
RootRepeal.exe locked up again.
??
-
I assume the redirection is still there?
Can you post a fresh ComboFix log?
-
Redirects are still occurring.
I tried to run ComboFix, but it locked up like when I ran RootRepeal.
Actually, the computer didn't just freeze; a Windows blue warning screen popped up.
What do you think?
What if I cleaned up the hard drive and removed everything I don't use? Would these scanning programs work better?